How To Do A HIPAA Risk Assessment – Part 2

The Office of Civil Rights (OCR) is performing more and more HIPAA audits. How can you avoid getting hit with severe penalties from the government? The best way is to perform a complete HIPAA Risk Assessment, and to follow through with training and implementation.

Find out how to get compliant, and stay compliant in this multi-part series.  (To get this multi-part series delivered to your inbox CLICK HERE)

Now that you know what a HIPAA Risk Assessment is, let’s start with the basics.

To get compliant and avoid substantial fines, you need to know where your protected health information (PHI) is stored, accessed, transmitted and used.

To do this, it is imperative to create a complete inventory of devices at your practice. The OCR will require this inventory if your practice is audited.

Inventories are especially important if your staff is able to access PHI on mobile devices, such as laptops, tablets and cell phones.

What should be included in your inventory?

An inventory should be a comprehensive list of  all hardware used, or that could potentially be used, to access, store or transmit PHI. For each device, the HIPAA Privacy and Security Officers should keep a list of the:

  1. Name of the employee(s) using the device;
  2. Type of the device;
  3. Make of the device;
  4. Model of the device;
  5. Serial number of the device; and
  6. Mobile Equipment Identifier (MEID) of the device, if applicable.

All hardware needs to be inventoried.

This includes: computers, laptops, printers, copiers, fax machines, cell phones, cameras, storage devices, tablets, etc.

And remember, once isn’t enough...

Inventories must be updated regularly, and policies need to be in place that require staff members to report any and all new devices to the your HIPAA Privacy and Security Officers.

If a staff member leaves your organization, there must be verification that all computer equipment, software and mobile electronic devices have been returned to avoid potential breaches and OCR fines.

In our next blog post, we will continue this series on HIPAA Risk Assessments.  To get this important series delivered directly to your mail box, 

Do you need help with your HIPAA Risk Assessment?  We can help. To contact us about your risk assessment or your other legal needs:  CLICK HERE.

 

Related Posts

Categories

Recent Posts

Estate Planning Terms to Know
December 1, 2022
Are You Providing Patients with their Records Quickly Enough?
November 29, 2022
Happy Thanksgiving from Rickard & Associates!
November 24, 2022
Protect Your Practice Against Telemedicine Fraud
November 22, 2022
Do I Need an Estate Plan?
November 17, 2022

Subscribe

Enter your email to subscribe now and receive your FREE HIPAA Risk Assessment book!

An essential tool for all healthcare providers, Easy Guide to HIPAA Risk Assessments breaks down the requirements of HIPAA so you can successfully complete your required risk assessment.

 

Get it now for FREE (an $8.99 value!)

One more step! Please check your email to confirm your subscription and receive your FREE book!